CVE-2022-27806

Name of the Vulnerable Software and Affected Versions F5 BIG-IP Advanced WAF, ASM, and ASM versions 11.6.x through 16.1.x F5 BIG-IP Guided Configuration versions prior to 9.0

Description The issue allows an authenticated attacker with the Administrator role to bypass Appliance mode restrictions. This is achieved through command injection vulnerabilities in undisclosed URIs within F5 BIG-IP Guided Configuration when running in Appliance mode.

Recommendations For F5 BIG-IP Advanced WAF, ASM, and ASM versions 11.6.x through 16.1.x, update to a version that is not affected by this issue. For F5 BIG-IP Guided Configuration versions prior to 9.0, update to version 9.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Administrator role to minimize the risk of exploitation.